change in certificate policy OID handling 0.9.8l -> 0.9.8m ?

OpenSSL user
Sun, 07 Mar 2010 04:20:20 -0800

Hi,

I updated from 0.9.8l to 0.9.8m on my gentoo machine and now openssl can't 
parse anymore my X509v3 Certificate Policies field.


This has worked before with my private and allocated policy OID.

with 0.9.8l output for the same certificate was (cut to have the interesting 
part only):

openssl x509 -in server.crt -text
            X509v3 Certificate Policies:                                        
                                                         
                Policy: 1.3.6.1.4.1.32877.1.2.1                                 
                                                         
                  CPS: http://grim.raapr.org/ca/                                
                                                         
                  User Notice:                                                  
                                                         
                    Explicit Text: Warning, obey to the Certification Practise 
Statement before trusting this certificate.               

and after the update to 0.9.8m it was:

            X509v3 Certificate Policies:
                0..0....+......m...0..0%..
+.........http://grim.raapr.org/ca/0e..+.......0Y.WWarning, obey to the 
Certification Practise Statement before trusting this certificate.
            X509v3 CRL Distribution Points:
                URI:http://grim.raapr.org/ca/sub.crl

the certificate in question is attached here and is used in web server 
mentioned in the common name.

-----BEGIN CERTIFICATE-----                                   
MIIETjCCA7egAwIBAgICAjEwDQYJKoZIhvcNAQELBQAwgYQxLDAqBgNVBAoTI1Jh
ZGlvIEFtYXRldXJzIEFnYWluc3QgUGFja2V0IFJhZGlvMQwwCgYDVQQLEwNXV1cx
IjAgBgNVBAMTGVNTTCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxIjAgBgkqhkiG9w0B
CQEWE2tleW1hc3RlckByYWFwci5vcmcwHhcNMTAwMzA2MDAwMDA2WhcNMTAwMzEz
MDAwMDA2WjBxMSwwKgYDVQQKEyNSYWRpbyBBbWF0ZXVycyBBZ2FpbnN0IFBhY2tl
dCBSYWRpbzEaMBgGA1UEAxMRdmlvbGVudC5yYWFwci5vcmcxJTAjBgkqhkiG9w0B
CQEWFmtleW1hc3RlckByYS5yYWFwci5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDUYNGxBjj6GUCz4ZS5iT3JC4XknkN+y42rm3yf1hv2agDaTHzW
zQH//cbrcATSGYiy6SVSY5g4rW3wg2q/FHcwwpja8+iJGcW+K6ipjTrVZF73ShHo
BMTwB/+myvPiijtW+0yiWj3mhV9GokzTP/vEd+m3KX2bwdHgMQfFL/Z/nCSwivj0
6AP3oJ2xG9vQUJCvlM/45mNYGa30NvgHPyk5IZ6r1x0Dm/EK01ka6p1oOCs6kGRL
xkpi+ZIbA6WJUuEKqk0X90B77Zzon2iLw0o6VmtlKMlD14lm+CgyoCUaWQhzZmKR
PqTxBU+o/51D6N16+yUqDHR4n6/fVmlEyySHAgMBAAGjggFbMIIBVzAJBgNVHRME
AjAAMA4GA1UdDwEB/wQEAwIF4DA0BgNVHSUELTArBggrBgEFBQcDAQYIKwYBBQUH
AwIGCWCGSAGG+EIEAQYKKwYBBAGCNwoDAzAiBgNVHREEGzAZghF2aW9sZW50LnJh
YXByLm9yZ4cEwROIXTCBrAYDVR0gBIGkMIGhMIGeBgsrBgEEAYKAbQECATCBjjAl
BggrBgEFBQcCARYZaHR0cDovL2dyaW0ucmFhcHIub3JnL2NhLzBlBggrBgEFBQcC
AjBZGldXYXJuaW5nLCBvYmV5IHRvIHRoZSBDZXJ0aWZpY2F0aW9uIFByYWN0aXNl
IFN0YXRlbWVudCBiZWZvcmUgdHJ1c3RpbmcgdGhpcyBjZXJ0aWZpY2F0ZS4wMQYD
VR0fBCowKDAmoCSgIoYgaHR0cDovL2dyaW0ucmFhcHIub3JnL2NhL3N1Yi5jcmww
DQYJKoZIhvcNAQELBQADgYEAEEYwf1crBy+CbXUO6+WR9QenBprCp6OdrkPBisK3
hdgEcgzQKvwjU3ZO/2sMbJjJx+fK9tOGCIg8xdL7IgW7J7GmPM0KGR3tB/jgDjvO
cPjJmoKGS81cKqmZa+k9mND6Jwz3Rc5Q0po8ZEtDsOoXjGl5MX1/dfpwV+y+/mwf
uXI=                                                            
-----END CERTIFICATE-----                                       

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to